Tuesday, January 26, 2010

Hackers Targeted Oil Companies for Oil-Location Data

Three U.S. oil companies were targeted in a coordinated hack that sought valuable information about new discoveries of oil deposits and other data, according to a new report in the Christian Science Monitor.

The hackers sought “bid data,” which details the location of oil deposits around the world as well as their size and value.

“Knowing which one of those blocks is oil-bearing — and which to go for and which not — is clearly worth something,” Paul Dorey, former chief information security officer at BP, told the Monitor. “If I was a foreign government, that’s the data I would want to get — and any analysis that reveals [a company's] intention.”

The three companies that were hit — ExxonMobil, ConocoPhillips and Marathon Oil — didn’t confirm the hacks to the Monitor. But according to sources who spoke with the paper, the companies were unaware of the extent of the attacks until authorities disclosed that the hackers had been siphoning e-mail passwords and other data associated with executives who had access to proprietary oil exploration and discovery information.

“We’ve seen real, targeted attacks on our C-level [most senior] executives,” an anonymous oil company official told the Monitor.

In February 2009, federal officials from the National Cyber Investigative Joint Task Force met with oil company executives and their technology teams to discuss what occurred.

Marathon Oil first became suspicious when, on Nov. 13, 2008, a senior executive in the company’s Houston office received an e-mail that appeared to be a reply to a message she had sent a corporate colleague overseas. The original message, which included a URL, related to the U.S. government’s bailout plan for U.S. banks. The executive did not send the original message and warned colleagues to avoid the e-mail if they received one.

Investigators would ultimately learn that similar e-mails had been sent to key executives at ExxonMobil and ConocoPhillips, as well. Some of the data siphoned from the companies went to computers overseas, including one located in China.

The Monitor doesn’t say what vulnerability the malicious e-mails targeted. And it’s unclear whether hackers managed to obtain the “bid data” they sought.